| 1 |
commit: fba048b31aa18b9f42c843863cd2e750854c86ce |
| 2 |
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> |
| 3 |
AuthorDate: Thu Jan 28 15:55:09 2021 +0000 |
| 4 |
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Feb 1 01:21:42 2021 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fba048b3 |
| 7 |
|
| 8 |
devicekit, jabber, samba: Move lines. |
| 9 |
|
| 10 |
Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org> |
| 11 |
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org> |
| 12 |
|
| 13 |
policy/modules/services/devicekit.te | 4 ++-- |
| 14 |
policy/modules/services/jabber.te | 3 +-- |
| 15 |
policy/modules/services/samba.te | 3 ++- |
| 16 |
3 files changed, 5 insertions(+), 5 deletions(-) |
| 17 |
|
| 18 |
diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te |
| 19 |
index b69c8113..25f93898 100644 |
| 20 |
--- a/policy/modules/services/devicekit.te |
| 21 |
+++ b/policy/modules/services/devicekit.te |
| 22 |
@@ -131,11 +131,11 @@ fs_mount_all_fs(devicekit_disk_t) |
| 23 |
fs_unmount_all_fs(devicekit_disk_t) |
| 24 |
fs_search_all(devicekit_disk_t) |
| 25 |
|
| 26 |
-mount_rw_runtime_files(devicekit_disk_t) |
| 27 |
- |
| 28 |
mls_file_read_all_levels(devicekit_disk_t) |
| 29 |
mls_file_write_to_clearance(devicekit_disk_t) |
| 30 |
|
| 31 |
+mount_rw_runtime_files(devicekit_disk_t) |
| 32 |
+ |
| 33 |
storage_raw_read_fixed_disk(devicekit_disk_t) |
| 34 |
storage_raw_write_fixed_disk(devicekit_disk_t) |
| 35 |
storage_raw_read_removable_device(devicekit_disk_t) |
| 36 |
|
| 37 |
diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te |
| 38 |
index 06273d09..30d53a8c 100644 |
| 39 |
--- a/policy/modules/services/jabber.te |
| 40 |
+++ b/policy/modules/services/jabber.te |
| 41 |
@@ -84,6 +84,7 @@ manage_files_pattern(jabberd_t, jabberd_log_t, jabberd_log_t) |
| 42 |
logging_log_filetrans(jabberd_t, jabberd_log_t, { file dir }) |
| 43 |
|
| 44 |
manage_files_pattern(jabberd_domain, jabberd_spool_t, jabberd_spool_t) |
| 45 |
+files_search_var_lib(jabberd_t) |
| 46 |
|
| 47 |
manage_files_pattern(jabberd_t, jabberd_runtime_t, jabberd_runtime_t) |
| 48 |
files_runtime_filetrans(jabberd_t, jabberd_runtime_t, file) |
| 49 |
@@ -110,8 +111,6 @@ files_read_etc_runtime_files(jabberd_t) |
| 50 |
# usr for lua modules |
| 51 |
files_read_usr_files(jabberd_t) |
| 52 |
|
| 53 |
-files_search_var_lib(jabberd_t) |
| 54 |
- |
| 55 |
fs_search_auto_mountpoints(jabberd_t) |
| 56 |
|
| 57 |
miscfiles_read_generic_tls_privkey(jabberd_t) |
| 58 |
|
| 59 |
diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te |
| 60 |
index 40b6684c..10960805 100644 |
| 61 |
--- a/policy/modules/services/samba.te |
| 62 |
+++ b/policy/modules/services/samba.te |
| 63 |
@@ -621,7 +621,6 @@ allow smbcontrol_t self:process { signal signull }; |
| 64 |
allow smbcontrol_t { winbind_t nmbd_t smbd_t }:process { signal signull }; |
| 65 |
read_files_pattern(smbcontrol_t, samba_runtime_t, samba_runtime_t) |
| 66 |
allow smbcontrol_t samba_runtime_t:dir rw_dir_perms; |
| 67 |
-init_use_fds(smbcontrol_t) |
| 68 |
|
| 69 |
manage_files_pattern(smbcontrol_t, samba_var_t, samba_var_t) |
| 70 |
|
| 71 |
@@ -638,6 +637,8 @@ files_search_var_lib(smbcontrol_t) |
| 72 |
|
| 73 |
term_use_console(smbcontrol_t) |
| 74 |
|
| 75 |
+init_use_fds(smbcontrol_t) |
| 76 |
+ |
| 77 |
miscfiles_read_localization(smbcontrol_t) |
| 78 |
|
| 79 |
sysnet_use_ldap(smbcontrol_t) |
Archives